CLAIMS: The following is a listing of all claims in the application with their status and the text of all active claims.



1. (CURRENTLY AMENDED) A method and system to deliver authentication authority Web services using non-reusable and non-reversible one-time identity codes, comprising:

(a) authentication authority means to serve as a Web services powerhouse 
to authenticate user identity, 

(b) gateway authority means to serve as a gateway to delegate (forward) 
said authentication authority Web services to said authentication 
authority means, 

(c) authentication client means to serve as an end-user device to generate 
said one-time identity codes, 

(d) authentication handler means to serve as a doorkeeper to protect 
resources of business entities using said authentication authority Web 
services, 

(e) means comprising: 

i. transmitting said one-time identity codes from said authentication 
client means to said authentication handler means, 

ii. composing authentication requests by said authentication handler 
means, and transmitting said authentication requests from said 
authentication handler means to means selected from the group 
consisting of said gateway authority means and said authentication 
authority means,

iii. processing said authentication requests by said gateway authority
means, and redirecting said authentication requests from said 
gateway authority means to said authentication authority means, 

iv. generating authentication responses by said authentication authority 
means, and transmitting said authentication responses back to said 
authentication handler means, 

whereby a scalable and distributable system to authenticate and validate 
said user identity will be provided, 

whereby a user can use only a single said end-user device to generate said
one-time identity codes to identify him/herself and to access protected
resources of multiple said business entities,

whereby the authentication system can be used as an ID verification 
system for said business entities to verify said user identity over a channel 
selected from the group consisting of the Internet, phone and other 
communication means. 

2. (ORIGINAL) The method and system of claim 1 wherein said gateway 
authority means contain means to interact with other entities of said 
gateway authority means, and publish said authentication authority Web 
services to Web service industry's registries. 

3. (ORIGINAL) The method and system of claim 2 wherein said gateway 
authority means are arranged to use Web Services Description Language 
(WSDL) to publish said authentication authority Web services, and use 
Universal Description, Discovery and Integration (UDDI) standard to 
discover said authentication authority Web services published by other 
said gateway authority entities. 
4. (ORIGINAL) The method and system of claim 1 wherein said gateway
authority means, said authentication authority means, said authentication 
handler means, and said authentication client means are arranged to use 
Simple Object Access Protocol (SOAP) to communicate, and use 
Hypertext Transport Protocol (HTTP) packets to transmit data over 
Secure Socket Layer (SSL). 

5. (ORIGINAL) The method and system of claim 4 wherein said data 
contains means to be transmitted by using File Transport Protocol (FTP) 
and Simple Mail Transport Protocol (SMTP). 

6. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said gateway authority means and said authentication authority means 
contain means comprising the use of Web services technology to be 
separated and placed in the Internet accessible environment to become 
said scalable and distributable system. 

7. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said authentication authority means contain means comprising the use of 
Web services technology to register and manage said user identity, said 
authentication client means identity, said user private identity, and 
associated vital information. 

8. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said authentication authority means contain means comprising the use of 
Web service technology for independently generating said one-time 
identity codes to authenticate said user identity. 

9. (CANCELED) 



Appn. Number 10/082,982 (Chen et al.) Art Unit 2135 Amendment contd. 4 of 23



10. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said authentication responses generated by said authentication authority 
means contain means comprising the use of Web services technology to 
inform said authentication handler said user identity. 

11. (CURRENTLY AMENDED) The method and system of claim 1 wherein
said authentication authority means and said authentication client means 
contain means comprising the use of Web services technology to generate 
synchronization codes and conduct synchronization. 

12. (ORIGINAL) The method and system of claim 11 wherein said
synchronization codes are arranged to be generated by math functions 
comprising hash, power and modular math operators, wherein said math 
functions are arranged to use said user identity, said authentication client 
identity, and said user private identity as the input information. 

13. (CANCELED) 

14. (ORIGINAL) The method and system of claim 11 wherein said
authentication authority means and said authentication client means 
contain means to generate confirmation codes to verify the success of said 
synchronization. 

15. (ORIGINAL) The method and system of claim 1 wherein said
authentication authority means and said authentication client means
contain means to independently generate a non-predictable sequence
number which is an essential part for producing said one-time identity
codes.

16. (ORIGINAL) The method and system of claim 15 wherein said
non-predictable sequence number is arranged to be generated by math
functions comprising hash, power and modular math operators, wherein
said math functions are arranged to use said user identity, said
authentication client identity, and said user private identity as the input
information.
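Claims 11 through 16 describe the synchronization codes, confirmation codes and non-predictable sequence number only in terms of hash, power and modular operators applied to the user identity, the authentication client identity and the user private identity. The Python sketch below is an added example, not code from the application or the applicants, showing one way those pieces fit together so that the authority and the client derive the same values independently, resynchronize after the client's counter has drifted ahead, and reject a replayed code. Every concrete choice is an assumption made for this example: HMAC-SHA256 as the hash, the modulus and exponent of the power step, six-digit codes, a look-ahead window of 20, and the names AuthenticationAuthority, sequence_number, one_time_code, synchronization_code, confirmation_code and demo.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Added illustration of claims 11-16. The claims name only "hash, power and
# modular math operators" over user identity, authentication-client identity
# and user private identity; every concrete choice below (HMAC-SHA256 as the
# hash, the modulus, the exponent, 6-digit codes, a look-ahead window of 20)
# is an assumption made for this example, not the applicants' algorithm.

CODE_DIGITS = 6
SEQ_MODULUS = 2**61 - 1      # assumed prime modulus for the sequence-number step
SEQ_EXPONENT = 3             # assumed "power" step
LOOKAHEAD = 20               # assumed resynchronization window (counter values)


def _prf(private_identity: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed one-way hash over length-prefixed fields (assumed construction).
    The private identity is the HMAC key, so an observed output cannot be
    inverted to recover it (the claims' "non-reversible" property)."""
    mac = hmac.new(private_identity, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.digest()


def sequence_number(user_id: bytes, client_id: bytes, private_identity: bytes, counter: int) -> int:
    """Claims 15/16: a non-predictable sequence number that authority and
    client derive independently from the shared identities and a counter."""
    digest = _prf(private_identity, b"seq", user_id, client_id, counter.to_bytes(8, "big"))
    return pow(int.from_bytes(digest, "big"), SEQ_EXPONENT, SEQ_MODULUS)


def one_time_code(user_id: bytes, client_id: bytes, private_identity: bytes, counter: int) -> str:
    """The one-time identity code for one counter value (claims 1/8/15)."""
    seq = sequence_number(user_id, client_id, private_identity, counter)
    digest = _prf(private_identity, b"otp", user_id, client_id, seq.to_bytes(8, "big"))
    return str(int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS).zfill(CODE_DIGITS)


def synchronization_code(user_id: bytes, client_id: bytes, private_identity: bytes, counter: int) -> str:
    """Claims 11/12: value the client sends so the authority can locate its counter."""
    return _prf(private_identity, b"sync", user_id, client_id, counter.to_bytes(8, "big"))[:8].hex()


def confirmation_code(user_id: bytes, client_id: bytes, private_identity: bytes, counter: int) -> str:
    """Claim 14: value the authority returns to prove synchronization succeeded."""
    return _prf(private_identity, b"confirm", user_id, client_id, counter.to_bytes(8, "big"))[:8].hex()


class AuthenticationAuthority:
    """Server side: holds each (user, client) registration and its counter."""

    def __init__(self) -> None:
        self._registry: Dict[Tuple[bytes, bytes], dict] = {}

    def register(self, user_id: bytes, client_id: bytes, private_identity: bytes) -> None:
        self._registry[(user_id, client_id)] = {"secret": private_identity, "counter": 0}

    def synchronize(self, user_id: bytes, client_id: bytes, sync_code: str) -> Optional[str]:
        """Search the look-ahead window for the client's counter; on success
        adopt it and return the confirmation code, otherwise return None."""
        rec = self._registry.get((user_id, client_id))
        if rec is None:
            return None
        for c in range(rec["counter"], rec["counter"] + LOOKAHEAD):
            expected = synchronization_code(user_id, client_id, rec["secret"], c)
            if hmac.compare_digest(expected, sync_code):   # constant-time compare
                rec["counter"] = c
                return confirmation_code(user_id, client_id, rec["secret"], c)
        return None

    def verify(self, user_id: bytes, client_id: bytes, code: str) -> bool:
        """Accept a code at most once: the counter moves past any accepted
        value, so a replayed code ("non-reusable" property) is rejected."""
        rec = self._registry.get((user_id, client_id))
        if rec is None:
            return False
        for c in range(rec["counter"], rec["counter"] + LOOKAHEAD):
            expected = one_time_code(user_id, client_id, rec["secret"], c)
            if hmac.compare_digest(expected, code):
                rec["counter"] = c + 1
                return True
        return False


def demo() -> dict:
    """Constructed walk-through: the client has advanced to counter 3 while the
    authority is still at 0; they resynchronize, then one code is used twice."""
    user, client, secret = b"alice@example.test", b"token-0001", b"constructed-private-identity"
    authority = AuthenticationAuthority()
    authority.register(user, client, secret)
    client_counter = 3
    confirm = authority.synchronize(user, client, synchronization_code(user, client, secret, client_counter))
    synced = confirm == confirmation_code(user, client, secret, client_counter)
    code = one_time_code(user, client, secret, client_counter)
    first = authority.verify(user, client, code)
    replay = authority.verify(user, client, code)
    wrong = authority.verify(user, client, "00000X")   # malformed, can never match
    return {"synchronized": synced, "first_use": first, "replay": replay, "wrong_code": wrong}


if __name__ == "__main__":
    print(demo())
```

Two design points carry the claims' wording into the code: keying the hash with the user private identity is what makes the codes non-reversible, and advancing the stored counter past an accepted value is what makes them non-reusable. The look-ahead window is the mechanism behind "conduct synchronization" in claim 11: the authority tolerates a client that has generated unused codes, but only within a bounded range, and compares with hmac.compare_digest so a timing side channel does not leak how many characters matched.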

17. (CURRENTLY AMENDED) The method and system of claims 7, 12, 45 
and 16 wherein said user private identity comprises said user's biometric 
identity and other shared secret information. 

18. (CURRENTLY AMENDED) The method and system of claim 1 wherein
said authentication client means contain means comprising the use of Web 
services technology to be incorporated in a portable, hand-held device. 

19. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said authentication handler means is arranged to be executed on said 
business entities' computers which support the use of Web service 
technology.

20. (CURRENTLY AMENDED) The method and system of claim 1 wherein 
said authentication handler means contain means comprising the use of 
Web services technology to receive and process said user logon request, 
compose and submit authentication request to said authentication 
authority means, process and validate returned authentication response 
from said authentication authority means, and grant permission for said 
user to log onto said business entities' computer. 